This is a discussion on user name in ticket - Kerberos ; Hi All I have AD environment with IE and apache web server. The web server configure (web server have AD user with keytab) to required IE clients to be authenticate. The client sends to the web server krb ticket. This ...
Hi All
I have AD environment with IE and apache web server.
The web server configure (web server have AD user with keytab) to required
IE clients to be authenticate.
The client sends to the web server krb ticket. This ticket includes the
client name.
According to RFC4120 section 5.3 it should have.
My question is: what is the source of the name? It is taken from the TGT,
when the user logged on to AD? Or it taken from the user name in request
from AD for this specific ticket (The client sends it name in clear with the
request)?
Regards
Yuval
Abadi
